December 8, 2009 | Bratislava | Press Releases

November Top Threats: Europeans Targeted By Malware spreading via P2P and Social Networks

ESET’s malware monitoring system ThreatSense.Net® shows <a target="_blank" href=24962</buxus-link>>Win32/Conficker to be the world’s most widespread threat with a share of 9.64%. A mixture of Trojans labeled as <a target="_blank" href=26071,""</buxus-link>>INF/Autorun (7,80%) exploiting the MS Windows autorun.inf function is also holding on to its position toward the top of the pack. Third spot (7.63%) on the malware list goes to a mixture of Trojans labeled as <a target="_blank" href=26615,""</buxus-link>>Win32/PSW.OnLineGames targeting online gamers.

Month-to-month, a threat labeled as WMA/TrojanDownloader.GetCodec.Gen has climbed two slots in the ranking, being especially prevalent in western and northern Europe. This Trojan converts all audio files found on a computer to the WMA format and adds a field to the header that includes a URL pointing the user to a new codec, claiming that the codec has to be downloaded so that the media file can be read.

Win32/Injector with a share of 0.66% of all detected malware is a newcomer on the threatscape, ranking it in the overall 10th place. Win32/Injector is a generic descriptor that might be applied to any malware that injects code into a running process, often for self-protection by masking its own presence, though an injector may intercept, piggyback or modify legitimate processes for other purposes. Such malware often injects code into Internet browser processes in order to bypass firewall defenses and communicate with a botnet command and control (C&C) server.

Global Threats in November 2009 according to ESET ThreatSense.Net®

><img align="middle" width="543" src=Pictures/ThreatSense_11_2009_New.JPG</buxus-image> height="296" /> 

   

EUROPE, MIDDLE EAST, AFRICA (EMEA)

European Internet users, as well as clients in other parts of the world were afflicted by the Win32/Conficker worm that has reached an especially high rate in the Ukraine – 24.99% and similarly high occurrence in Russia (18.39%). Other countries afflicted by it include Serbia (9.11%), Bulgaria (16.55%), Romania (12.74%), Hungary (7.79%), Germany (7.18%), Great Britain (6.59%), Italy 8.68%) and Republic of South Africa (17.32%). INF/Autorun was the most often detected threat by ThreatSense.Net in Ireland (6.84%), Israel (3.42%), Latvia 4.06%) and Slovenia (4.24%). From a local point of view, the threat that has registered as No. 3 globally - Win32/PSW.OnLineGames - ranked No. 1 in Turkey (15.17%), Slovakia (9.22%), Poland (16.45%), France (10.23%), Spain (10.14%) and Greece (7.91%).

 

Koobface Attacking Northern Europe; Dangerous Wigon in the Czech Republic

Aside from the famous types of malware, the users in Europe were also exposed to worms targeting social networks, such as Facebook, MySpace and Twitter. Variants of <a target="_blank" href=26089,""</buxus-link>>Win32/Koobface with 3.57% share have ranked among the top 3 in Austria, a higher infiltration rate than caused by Win32/Conficker in this country. Win32/Koobface has also been ranked among the top 3 threats in Norway (4.33%), Denmark (2.25%) and Israel (2.46%).

Noteworthy malware facts: Perhaps due to the low share of PC users in Greenland, the Win32/Koobface worm was statistically the most widespread threat in this country, reaching 32.79% of all November detections sent to ThreatSense.Net by ESET customers.

For the month of November 2009, <a target="_blank" href=26427,""</buxus-link>>Win32/Wigon is the most widespread type of malware appearing in the Czech Republic (3,52%) and Austria (5,45%). It’s aim is to download other malicious content into the user’s PC via encrypted files. The program does not store these malicious files on the disk, instead it inserts them directly into the running processes. Wigon has been known to create an exceptions in the firewall in order to evade detection. This dangerous form of malware has reached higher shares of occurrence in Switzerland (2,03%), Slovakia (1,21%) and Italy (0,66%). The trojan creates and runs a new threat with its own program code within one of the running processes.

ESET ThreatSense.Net® has also registered a high occurrence of Win32/Peerfrag.EU – a variant of a worm spreading via exchangeable media and through P2P programs. It affects mainly programs, such as DC++, eMule, Kazaa and LimeWire. To propagate, the worm uses exchangeable media. Win32/Peerfrag, a member of the extended family contains backdoor and is capable of downloading other objects from a remote PC, carry out DoS attacks or steal sensitive data from the user’s PC. Win32/Peerfrag is the most widespread threat in Estonia with a share, of 6,89%. It is also among the most widespread threats in Sweden (1,56%) and Iceland (1,40%).

 

About ESET

Founded in 1992, ESET is a global provider of security solutions for enterprises and consumers. ESET is a market leader in proactive detection of malware. Thanks to its ThreatSense.Net® technology, it is able to collect data on a volunteer basis from users all around the world, allowing it to react flexibly to emerging threats. It‘s ESET NOD32 Antivirus has been ranked by the independent AV-Comparatives testing lab as the best antivirus product worldwide (2006, 2007). ESET has offices in Bratislava, SK; Buenos Aires, AR; San Diego, USA; and has an extensive partner network in 160 countries. In 2008, ESET has opened a new research center in Krakow, Poland. ESET was named to Deloitte’s Technology Fast 500 one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.

ThreatSense.Net® collects anonymous statistical information packets about the types of infiltrations detected on the users' workstations. Thanks to this information, the ESET Virus Lab has access to real-time accurate and relevant information about the most wide-spread infiltrations. The infiltrations detected by the heuristic analysis are then tabulated, with the update against malware issued before it can spread or mutate into a different variant,